Hackers Are Targeting VoIP Providers In Ransomware Attacks

Provider Telnyx suffered outage over multiple days after threat actors disrupted its services.

VoIP service Telnyx became the latest in a line of VoIP services to suffer outages, after it was hit by hackers this week.

The victim of a distributed denial of service (DDoS) attack, the company warned its users that they may experience a break in service, and dropped calls, while the attack was ongoing.

Hackers have hit out at other VoIP providers in the last few weeks, including VoIP Unlimited and Voipfone.

What Happened in Telnyx DDoS Attack?

The attack on Telnyx began on the 9th of November. Telnyx posted a message on its support page informing customers that it was experiencing a DDoS attack, and that they may suffer outages. I added that its course of action to remedy the issue was to  migrate traffic to the CloudFlare network.

The company confirmed that all systems were operational on the 11th of November, and global traffic now sat behind CloudFlare's DDoS protection systems.

‘Telnyx is currently experiencing a DDoS attack. Until we reach a resolution, you may be experiencing failed calls, API and portal latency/time outs, and/or delayed or failed messages'. – Telnyx support message

It is believed that the purpose of these attacks at Telnyx and across the industry is to disrupt services and extort money, according to some experts.

‘Unprecedented' Attack on VoIP Networks

Unfortunately, the attack on Telnyx this week isn't an isolated incident. In September, Voipfone was hit with a DDoS attack, and yet again, in late October. Another provider, Canada-based VoIP.ms, was also attacked in September.

In the case of VoIP.ms, a demand was issued to the company from an account purporting to be the hackers, demanding 100 Bitcoin, around $4.2 million.

‘ok, enough communication. The price for us to stop is now 100 Bitcoin. I am sure your customers will appreciate your 0 f**ks given attitude in multiple law suits. REvil.' – Twitter message to VoIP.ms from hackers

The group on Twitter claimed to be REvil, a notorious, organized gang that targets companies in ransomware attacks. The group was actually reported as suddenly going offline earlier in the year, but recent attacks suggest it may have returned.

Following the attacks, Comms Council UK told the BBC that the issue ‘appear[s] to be part of a co-ordinated extortion-focused international campaign by professional cyber-criminals', describing the scale of the attack as ‘unprecedented'.

‘We have never seen anything like it since we were established back in 2004' – Comms Council UK spokesperson

How Can I Avoid VoIP Attacks?

In reality, as a customer, there's little that companies can do to avoid DDoS attacks like this, and the responsibility lies solely with their VoIP provider.

Currently, it appears that the attacks have been aimed at smaller VoIP providers, who may be more vulnerable than the big name brands. We've also seen that those who have suffered attacks, such as VoIP.ms, have seen repeated attacks.

It may be small comfort, but unlike most ransomware attacks, the main aim of this DDoS method is to disrupt the service in an attempt to get the companies involved to pay up, rather than the more traditional route of threatening to leak sensitive data.

If you've been affected by a VoIP outage as a result of your provider suffering a DDoS attack, you may want to consider switching VoIP provider.

Written by:

Jack is the Deputy Editor for Tech.co. He has over 15 years experience in publishing, having covered both consumer and business technology extensively, including both in print and online. Jack has also led on investigations on topical tech issues, from privacy to price gouging. He has a strong background in research-based content, working with organisations globally, and has also been a member of government advisory committees on tech matters.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals